so i tried to do some internet financial stuff recently, and FF and IE on my home lappy, FF and Kon on the home desktop, and my G1 all returned invalid certificates by unknown issuer to log in. so i didn't use the web and phoned in to deal with being on hold. extra fees were waived for speaking to a rep since i couldn't log in, but as a 4x check my parents machine running *older* FF and older kubuntu recog.. hello... FF spell checker on kubuntu doesn't recognize the word kubuntu or ubuntu... recognized the cert as being a valid verisign certificate valid through next year. any ideas on what's going on there?

metis wrote:so i tried to do some internet financial stuff recently, and FF and IE on my home lappy, FF and Kon on the home desktop, and my G1 all returned invalid certificates by unknown issuer to log in. so i didn't use the web and phoned in to deal with being on hold. extra fees were waived for speaking to a rep since i couldn't log in, but as a 4x check my parents machine running *older* FF and older kubuntu recog.. hello... FF spell checker on kubuntu doesn't recognize the word kubuntu or ubuntu... recognized the cert as being a valid verisign certificate valid through next year. any ideas on what's going on there?

Somehow your machine is holding on to expired certificates. First identify the certificate(s) that has(have) trouble. Then go to Internet Options -> Content -> Certificates. Inspect all tabs for those certificates and remove them. Delete temporary cache, cookies and history in IE. Reboot computer (this will remove anything cached in memory). Try to visit the site(s) again and you should be prompted to accept their new and valid certificates. Do the similar operations in FF.

Every browser has a different CRL (Certificate Revocation List). Some browsers will honor some of the goofy Certificate Authorities and some will not. When people opt to buy the cheap certificate from the bank of hong kong, it's not necessarily going to be accepted everywhere, that's all subject to the CRL. Who was the CA? Was the Certificate legitimately revoked? Did the common name on the certificate match the domain you were visiting? You saw https in your address bar, correct? Etc...

I do not believe that caching of SSL certificates or content is allowed, but it is possible that could be an issue. Another thing to keep in mind, is the null termination issues that recent browsers have had and all of the faulty debian certificates that have been revoked.

As you can see, there are a multitude of things that could have gone wrong, but you did the right thing by calling in. Good on you!